Linux FreeS/WAN

X.509 Certificate Support for the Linux FreeS/WAN IPsec Stack

The popular X.509 patch for FreeS/WAN started by Andreas Steffen in 2000 was superseded in March 2004 by the strongSwan distribution which is maintained by the same author. Linux strongSwan is continuing in the steps of the FreeS/WAN project by steadily releasing new and improved VPN features under the GPL open source license:

The X.509 patch is not actively maintained any more. Here are the last releases for freeswan-1.99, freeswan-2.04, and freeswan-2.05:

distribution for freeswan-1.99,            pgp-sig,
date 2004/07/20, size 127'590 bytes, md5sum:
distribution for freeswan-2.04,            pgp-sig,
date 2004/07/20, size 218'438 bytes, md5sum:
distribution for freeswan>-2.05,            pgp-sig,
date 2004/07/20, size 214'699 bytes, md5sum:

All distributions are signed with my PGP key (RSA 1024 bits / KeyID: 40995359).

  • See the CHANGES file for the change history of the X.509 patch.
  • The dhcprelay distribution and the DHCP-over-IPsec HOWTO can be found here.

Marcus Müller <> has written a tool which allows you to configure Windows 2000 VPN connections on the basis of a FreeS/WAN-style ipsec.conf file

Nate Carlson <> has written a document that describes how to get FreeS/WAN with the X.509 patch to work with both another FreeS/WAN client and a
Windows XP / Windows 2000 client using Marcus Müller's ipsec tool:

Jacco de Leeuw <> has written a tutorial on how the free Windows LT2P/IPsec client available for Windows 95 / 98 / ME / NT4.0 / 2000 and XP can be used to establish an LT2P over IPsec tunnel to a FreeS/WAN security gateway equipped with an LT2P server:

Wouter Prins <> wrote a HOWTO that describes how to set up a Roadwarrior connection using PGPnet to a FreeS/WAN gateway with locally stored X.509v3 certificates:

I have published two articles in the renowned German computer magazine c't on the configuration of Windows roadwarriors and a Linux security gateway:

23.10.2008 Home